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Abstract. We propose a system that allows users to securely send 
and receive messages, and subscribe to broadcast messages, using a 
trustless decentralized peer-to-peer protocol. Users need not 
exchange any data beyond a relatively short (around 36 character) 
address to ensure security and they need not have any concept of 
public or private keys to use the system. It is also designed to mask 
non-content data, like the sender and receiver of messages, from 
those not involved in the communication. 


1. Introduction 


Email is ubiquitous but not secure. The ability to send encrypted messages is necessary but current 
solutions are too difficult for people to use: users must exchange both an email address and an encryption 
key through a trusted channel (like in person or by phone). Even users who do know how to use tools 
like PGP/GPG usually do not put forth the effort to do so unless they are particularly concerned about the 
message content. Novice users have a difficult time learning how to use the software because the 
relationship between public and private key pairs, and their uses, are foreign concepts. Even if users do 
manage to use PGP/GPG for communications, encryption alone does not mask the sender and receiver of 
messages. Government agencies in several countries are collecting call-detail records for all individuals 
and storing them in large databases for use in social-network-analysis [1][2][3]. There would be nothing 
stopping them from collecting the content of phone calls and messages also, and indeed, officials have 
told the New York Times that the United States’ National Security Agency has engaged in 
“overcollection” [4]. 

Hiding one’s identity is difficult. Even if throw-away email addresses are used, users must connect to an 
email server to send and retrieve messages, revealing their IP address. If they use Tor to connect to a web 
server, they depend on the X.509 system for security. This system enables HTTPS. X.509 certificate 
authorities have suffered hacks in recent years including one incident where Iran used a fraudulent but 
mathematically valid certificate that was signed with the key of a hacked certificate authority (DigiNotar) 
to conduct a man-in-the-middle attack against its citizens who were using Google services like Gmail 


(5][6]. 
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As the security of HTTPS is only as strong as the least trustworthy or competent certificate authority, the 
fact that there are over 1000 CA certificates trusted by Windows or Firefox, which are owned by 
hundreds of different organizations [7], should give all users great pause. Also, if just one of those 
organizations is run by a government agency, and if they have certain network hardware in place 
between users and destination servers, then they would be able to perform a targeted man-in-the-middle 
attack of ostensibly secure communications at will. 
What is needed is a communications protocol and accompanying software that encrypts messages, masks 
‘ the sender and receiver of messages from others, and guarantees that the sender of a message cannot be 
spoofed, without relying on trust and without burdening the user with the details of key management. In 
this paper, we propose such a protocol. 


2. Authentication 


We propose a system where users exchange a hash of a public key that also functions as the user’s 
address. If the public key can be obtained by the underlying protocol, then it can easily be hashed to 
verify that it belongs to the intended recipient. The data exchanged by the user can also include a version 
number for forwards capability, a stream number (the purpose of which will be discussed later), and a 
checksum. Encoded with base58 and prepended with recognizable characters (like BM for Bitmessage), 
an example address would be: BM-2nTX1KchxgnmHvy9ntCN9r7sgKTraxczzyE. While certainly more 
cumbersome than an email address, it is not too much to type manually or it can be made into a QR-code. 
Users have already demonstrated this to be acceptable as Bitcoin addresses are similar in format and 
length [8]. This address format is superior to email in that it guarantees that a message from a particular 
user or organization did, in fact, come from them. The sender of a message cannot be spoofed. 


3. Message Transfer 


We propose a message transfer mechanism similar to Bitcoin’s transaction and block transfer system [8] 
but with a proof-of-work for each message. Users form a peer-to-peer network by each running a 
Bitmessage client and forward messages on a best-effort basis. In order to send a message through the 
network, a proof-of-work must be completed in the form of a partial hash collision. The difficulty of the 
proof-of-work should be proportional to the size of the message and should be set such that an average 
computer must expend an average of four minutes of work in order to send a typical message. With the 
release of new software, the difficulty of the proof-of-work can be adjusted. Each message must also 
include the time in order to prevent the network from being flooded by a malicious user rebroadcasting 
old messages. If the time in a message is too old, peers will not relay it. If the sender of a message did not 
receive an acknowledgement and wishes to rebroadcast his message, he must update the time and 
recompute the proof-of-work. 

Just like Bitcoin transactions and blocks, all users would receive all messages. They would be responsible 
for attempting to decode each message with each of their private keys to see whether the message is 
bound for them. 


4. Scalability 


If all nodes receive all messages, it is natural to be concerned about the system’s scalability. To address 
this, we propose that after the number of messages being sent through the Bitmessage network reaches a 
certain threshold, nodes begin to self-segregate into large clusters or streams. Users would start out using 
only stream 1. The stream number is encoded into each address. Streams are arranged in a hierarchy. 
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A Bitmessage client should use a negligible amount of hard drive space and processing power. Once it 
starts exceeding comfortable thresholds, new addresses should be created in child streams and the nodes 
creating those addresses should consider themselves to be members of that stream and behave as such. 
From then on, if the node has no active addresses in the parent stream, they need only maintain 
connections with peers which are also members of this child stream. With the exception of nodes in 
stream 1, the root stream, nodes should occasionally connect to peers in their parent stream in order to 
advertise their existence. Each node should maintain a list of peers in their stream and in the two child 
streams. Additionally, nodes should each maintain a short list of peers in stream 1. In order to send a 
message, a node must first connect to the stream encoded in the Bitmessage address. If it is not aware of 
any peers in the destination stream, it connects to the closest parent stream for which it is aware of peers 
and then downloads lists of peers which are themselves in the two child streams. It can now connect to 
the child stream and continues this process until it arrives at the destination stream. After sending the 
message and listening for an acknowledgement, it can disconnect from the peers of that stream. If the 
user replies to the message, their Bitmessage client repeats the same process to connect to the original 
sender’s stream. After this process has been carried out once, connecting to the destination stream a 
second time would be trivial as the sending node would now already have a list of nodes that are in the 
destination stream saved. The formulas to calculate a stream’s parent and children are simple: 


Parent of n= (E ifn> ‘} 


null ifn<1 
Children of n = [n-2,(n-2) + 1] 
5. Broadcasts 


Because all users receive all messages, a natural extension of the system is to support broadcast messages. 
Users, through word of mouth, learn of a broadcaster who publishes content of interest to them. After 
entering the broadcaster’s Bitmessage address into a ‘Subscription’ section of their Bitmessage client, 
messages from the broadcaster appear in the user’s inbox or, if the Bitmessage protocol is implemented 
within another application, serve a different purpose. This would allow an individual or organization to 
anonymously publish content using an authenticated identity to everyone who wishes to listen. 


6. Behavior when the receiver is offline 


An object is a public key request, a public key, a person-to-person message, or a broadcast message. 
Objects are broadcast throughout a Bitmessage stream. We propose that nodes store all objects for two 
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days and then delete them. Nodes joining the network request a list of objects from their peer and 
download the objects that they do not have. Thus they will receive all messages bound for them that were 
broadcast during the last two days. If a node is offline for more than two days, the sending node will 
notice that it never received an acknowledgement and rebroadcasts the message after an additional two 
days. It will continue to rebroadcast the message, with exponential backoff, forever. In the worst case, if a 
user is offline for n days, he must go back online and stay connected for n days (or connect once every 
two days for n days) in order to receive all of his messages. 


7. Passive operating mode 


A particularly paranoid person who wishes to receive messages may operate in an entirely passive mode 
by specifying, in flags attached to his public key, that he will not send acknowledgements. It would, 
perhaps, be wiser for him to instead send acknowledgements but to recruit another possibly random 
node to send the acknowledgement for him. The other node need not even be aware that he has been 
recruited for this purpose. 

Suppose that Alice sends Bradley a message but Bradley is too paranoid to send an acknowledgement 
because he fears that an attacker, Eve, is eavesdropping on his particular Internet connection in an 
attempt to locate him. Eve would be able to see that the acknowledgement from Bradley was broadcast 
from his machine earlier than from other machines, indicating that he is operating at that location. 
Bradley may instead choose to package the acknowledgement up in another message and send it to either 
a friend or a random Bitmessage public key (let us say it is owned by Charlie). If Charlie is online, he will 
broadcast the acknowledgement thus simultaneously acknowledging both messages at once. Bradley 
may also choose to distribute his public key, make broadcasts, or make a public key request in this 
manner. For example, in either the next message he sends to a friend or in a blank message to Charlie, he 
can include his public key as the acknowledgement data. This would serve to simultaneously 
acknowledge receipt of Bradley’s message and also distribute his public key without having it originate 
from his Internet connection unencrypted. Even if Eve is also monitoring Charlie’s Internet connection, 
she would not be able to tell whether Bradley is truly at that location (or if Bradley and Charlie are 
actually the same person). Indeed, Bradley probably is not at the location and Bradley and Charlie might 
very-well not even know each other. Even if most people do not use this operating mode, the fact that 
some people do would provide plausible deniability to those who do not. 


8. Spam 


The existing proof-of-work requirement may be sufficient to make spamming users uneconomic. If it is 
not then there are several courses of action that can be taken: 

e Increase the difficulty of the proof-of-work. 

e Have each client distribute x public keys for each public key that they actually use. Acknowledge 
messages bound for those public keys but never show the user the messages. Spammers would 
need x times as much computing power to spam the same number of users. 

e Include extra bits in Bitmessage addresses and require that those bits be included in a message, 
thus proving that the sender has the Bitmessage address. Including an extra two bytes of data in 
a Bitmessage address would make the address 9% longer but would make spamming a user 
require 65536 times as much computing power. Bots who crawl the web looking for Bitmessage 
addresses would thwart this option. 
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9. Conclusion 


We have presented a system that not only bridges the gap between the ease of use of email and the 
security of PGP/GPG, but also hides “non-content” data from prying eyes. The hassle of using a non- 
human-friendly address should be more than offset by the benefit of gaining privacy without having to 
trust fallible (or malicious) central authorities. The broadcast & subscription feature should prove 
especially useful to anyone wishing to anonymously publish content regularly. Paired with the 
BitTorrent protocol, individuals could distribute content of any size. 
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J Bitmessage / PyBitmessage 


Branch: mastery 


Commits on Nov 19, 2012 


Merge pull request #1 from Atheros1/master_ --- RH © 8997966 ° 
& Jonathan Warren committed on Nov 19 2012 


added COPYING file areces «> 
BB Atherost committed on Nov 19 2012 


Merge branch ‘master’ of github.com:Atheros1/PyBitmessage e sc © 
& Atheros! committed on Nov 19 2012 


added initial files to repo ra = o 
GB Atheros! committed on Nov 19 2012 


Commits on Nov 11, 2012 


Initial commit & | 2zFiave © 
a Jonathan Warren committed on Nov 11 2012 


Newer 





https://github.com/Bitmessage/PyBitmessage/commits/master?after=634a49cd6d8fc2f525... 7/22/2019 
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lL! Bitmessage / PyBitmessage 


Branch. master 


Commits on Dec 18, 2012 


updated defaultKnownNodes RB eeaz7c2 © 
a Jonathan Warren committed on Dec 18 2012 


Merge branch ‘master’ of github.com:Atheros1/PyBitmessage ral 
& Jonathan Warren committed on Dec 18 2012 


8a0460e © 


Commits on Dec 10, 2012 


Merge pull request #14 from Atheros1/master -- 2  c3Fized © 
& Jonathan Warren committed on Dec 10 2012 


Clear status bar if it is currenlty displaying a warning that you are... -- & 4939715 © 
BB Atherost committed on Dec 10 2012 


Merge branch ‘master’ of github.com:Atheros1/PyBitmessage | 4818717 © 
BB Jonathan Warren committed on Dec 10 2012 


Sort received-message-time by actual time rather than alphabetically e 
ie Atheros! committed on Dec 10 2012 


586896 > 


Commits on Dec 5, 2012 


Merge pull request #13 from Atheros1/master  -- & f2e043b o 
& Jonathan Warren committed on Dec 5 2012 


small changes including making the arrow keys work on the Inbox and 5S... -- Gs fa3F2de © 
ey Atheros! committed on Dec § 2012 


fixed issue: If subject in received message contained international... --- R  e69265e o 
& Atheros! committed on Dec 5 2012 


Commits on Dec 4, 2012 


Merge pull request #12 from Atheros1/master_ -- (&  6ae7b12 © 
a Jonathan Warren committed on Dec 4 2012 


update defaultKnownNodes e 
4 Atheros1 committed on Dec 4 2012 


b1b31b3 © 


Merge pull request #11 from Atherosi/master  --- & 
a Jonathan Warren committed on Dec 4 2012 


Obde7be © 
update defaultKnownNodes seazter © 
& Atheros! committed on Dec 4 2012 


Merge pull request #10 from Atherost/master  -.- & 1344022 © 
B Jonathan Warren committed on Dec 4 2012 


fixed line break display issue Gs aseaass © 
fe Atheros! committed on Dec 4 2012 


Commits on Nov 29, 2012 


Merge pull request #9 from maran/master_ -. & | 159676 oO 
B Jonathan Warren committed on Nov 29-2012 


https://github.com/Bitmessage/PyBitmessage/commits/master?before=634a49cd6d8fc2f5... 7/22/2019 
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Removed PyObjc dependency for OSX RL ac0es245 © 
BL maran committed on Nov 29 2012 


Merge pull request #7 from Atheros1/master  -- | pecscad © 
& Jonathan Warren committed on Nov 29 2012 


Increment version number e7tae23 o 
kk Atheros! committed on Nov 29 2012 


Fixed Reply UI to match what email reply does, made Inbox and Sent fi... -- &efesass © 
& Atheros! committed on Nov 29 2012 


Merge pull request #6 from maran/master_ -.- & | 367001 © 
iy Jonathan Warren committed on Nov 29 2012 


Rewrote the sqlite check to accept any number of version info & -f98093 © 
& maran committed on Nov 29 2012 


Load the first address in your list by default when composing a message 2  sadezss © 
£ maran committed on Nov 29 2012 


Commits on Nov 28, 2012 


Merge pull request #5 from Atheros1/master & esesbss © 
B Jonathan Warren committed on Nov 28 2012 


Corrected bug that prevented user from deleting a recently received m... -- G  2036ec6 ° 
a Atheros! committed on Nov 28 2012 


Fixed bug that prevented user from deleting a recently received message EG scfaszez © 
& Atheros! committed on Nov 28 2012 


Commits on Nov 27, 2012 


Merge pull request #4 from Atheros!/master -- 2 | s98basea © 
BR Jonathan warren committed on Nov 27 2012 


updated default bootstrap nodes BR | starids © 
& Atheros! committed on Nov 27 2012 


Commits on Nov 26, 2012 


Merge pull request #3 from Atheros1/master _ -.-  e2ede2s © 
& Jonathan Warren committed on Nov 26 2012 


fixed potential attack vector (attaching a bad version message as mes... --- | 2wecede © 
BB Atherost committed on Nov 26 2012 


Commits on Nov 25, 2012 


added the Can icon and added my icons folder to the repo 2 esearse © 
fe Jonathan Warren committed on Nov 25 2012 


Commits on Nov 23, 2012 


Merge pull request #2 from Atheros1/master  ..- & | 9054847 © 
& Jonathan Warren committed on Nov 23 2012 


Fixed POW, changed checksum, other minor changes (2  vesaris ry 
EB Jonathan Warren committed on Nov 23 2012 


Commits on Nov 22, 2012 


Single SHAS12 for checksum only & de73e21 o 
a Jonathan Warren committed on Nov 22 2012 
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 Bitmessage / PyBitmessage 


All your code in one place Dismiss 
Over 36 million developers use GitHub together to host and review code, project 
manage, and build software together across more than 100 million projects. 


Sign up for free | See pricing for teams and enterprises 


Reference client for Bitmessage: a P2P encrypted decentralised communication protocol: https://bitmessage.org/wiki/Main_Page 


® 1 commit P 2 branches ® 24 releases 42 103 contributors ge View license 


Tree f99ba7Sa37 ~ New pull request Find File Clone or download ~ 


& Atheros! added initial files to repo Latest commit £99ba75on Nov 19 2012 


™ sa added initial files to repo 7 years ago 
* README.md added initial files to repo 7 years ago 
about py added initial files to repo 7 years ago 
about.ui added initial files to repo 7 years ago 

- addresses.py added initial files to repo 7 years ago 
bitmessage_icons.qrc added initial files to repo 7 years ago 

" bitmessage_icons_rc.py added initial files to repo 7 years ago 
bitmessagemain.py added initial files to repo 7 years ago 
bitmessageui.py added initial files to repo 7 years ago 

* bitmessageui.ui added initial files to repo 7 years ago 
+ defaultKnownNodes.py added initial files to repo 7 years ago 
help.py added initial files to repo 7 years ago 
help.ui added initial files to repo 7 years ago 
iconglossary.py added initial files to repo 7 years ago 
iconglossary.ui added initial files to repo 7 years ago 
newaddressdialog, py added initial files to repo 7 years ago 
newaddressdialog.ui added initial files to repo 7 years ago 
newsubscriptiondialog.py added initial files to repo 7 years ago 
newsubscriptiondialog.ui added initial files to repo 7 years ago 
settings.py added initial files to repo 7 years ago 
settings.ui added initial files to repo 7 years ago 

README.md 


https://github.com/Bitmessage/PyBitmessage/tree/f99ba75a373 | d5af7efc99c0d4d401ca36... 7/22/2019 


~ PyBitmessage 
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() Bitmessage / PyBitmessage 


Add backend ability to understand shorter addresses. 


Introduces addresses version 4. 


PB vo.6 (#450) © v0.63 .. 063.1 


©" afontenot committed on Aug 12, 2013 


Showing 1 changed file with 23 additions and 2 deletions. 


Y 25 MMM src/addresses.py fet 


return sha2.digest()[@:32] 


def encodeAddress (version, stream, ripe): 


- if version >= 2: 





+ if version >= 2 and version < 4: 
if len(ripe) != 20: 


Browse files 


1 parent ac41469 commit 6a07a374a5c94bcaba350a9295 3d6dff1b41478 


Unified Split 


raise Exception("Programming error in encodeAddress: The length of a given ripe hash was not 206.") 


if ripe[:2] == '\x@0\xee': 
ripe = ripe[2:] 
elif ripe[:1] == ‘\x@e': 
ripe = ripe[1:] 
elif version == 4: 
if len(ripe) != 2: 


emptybitcounter = @ 
while True: 


break 
emptybitcounter += 1 
ripe = ripe[emptybitcounter: ] 


++ ert eereeet 


a = encodeVarint(version) + encodeVarint(stream) + ripe 


sha = hashlib.new('sha512") 
sha.update(a) 


#print ‘addressVersionNumber’, addressVersionNumber 


if ripe[emptybitcounter] != *\x@e': 


raise Exception("Programming error in encodeAddress: The length of a given ripe hash was not 20.") 


#print ‘bytesUsedByVersionNumber', bytesUsedByVersionNumber 


- if addressVersionNumber > 3: 





+ if addressVersionNumber > 4: 


print ‘cannot decode address version numbers this high’ 


status = ‘versiontoohigh’ 
return status,0,6,0 


return ‘ripetoolong',¢,0,0 


else: 


return ‘otherproblem',6,0,@ 


elif addressVersionNumber == 4: 


return ‘ripetoolong' ,6,0,0 


else: 


x@@string = '* 


x@@string += '\xee' 


++eeeetetee te t 





if len(data[bytesUsedByVersionNumber+bytesUsedByStreamNumber: -4]) > 20: 


elif len(data[bytesUsedByVersionNumber+bytesUsedByStreamNumber: -4]) «< 4: 


return ‘ripetooshort' ,6,0,6 


for i in range(2@ - len(data[bytesUsedByVersionNumber+bytesUsedByStreamNumber : -4])): 


return status, addressVersionNumber, streamNumber , xe@string+data[bytesUsedByVersionNumber+bytesUsedByStreamNumber: -4] 


https://github.com/Bitmessage/PyBitmessage/commit/f6a07a374a5c94bcaba350a92953d6dff1 b41478 
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From: Dave Kleiman. 
Tot Orla S Weohe 
Subject: Requested attached. 
Date: Friday, 24 June 2011 12:04:57 PM 
——— en 
‘Dilla Thust.ndt 
Importance: High 





Craig, 
I think you are mad and this is risky, but I believe in what we are trying to do. 


Dave Kleiman - http://www. ComputerPorensic®xaminer.com - http://www, Digital ForensicRxpert.com 
4371 Northlake Blvd #314 
Palm Beach Gardens, FL 33410 
561.310.8801 
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Another party will be selected without Dr Wright's knowledge. 
The following conditions are applicable at afl times: 
e = If Dr Wright should die before 2020, the entire minus an amount noted below value and 
trust holdings are to be transferred to Ramona Watts (Sydney Australia, born Oct 30” 1970). 


¢ fi should die, Dr Wright will be retuned shares In the Tulip trust and company 15 months 


after my death at his discretion. 
¢ The amount not included to be sent to Ramona Watts will be used to show the “Wes and 


fraud perpetrated by Adam Westwood of the Austrafian Tex Office against Or Wright” 
¢ The last condition Is listed as a direct quote of Or Wright wha has specified against my advice 


that he requires this line to be Included. 
| lastly acknowledge that | will not divulge the Identity of the Key with |ID C941FE6D nor of the origins 
of the sgtoshin@gmx.com email. 
Respectfully, 
Dave Kleiman - http://www.ComputerFarensicExaminer.com - 
http://www. DigitalForensicExpert.com 


4371 Northlake Blvd #314 
Palm Beach Gardens, FL 33410 
561.310.8801 
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ae 

er hay fof bem we cached et mat merch es ou yt try ste. arm cal rt et yu dane ven. Pw ned et eee iy 
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both Uyen and fsign, oF 

-Uyen and two others to transfer contrat, or 

| > Mysell and ene ether agra. 

ae cs AE, ae a H 
Presse note tut you have wade te aa you hove set: you need to bve with them. The paper walets I vetumed lo you nil be inchxed in the total for theloan. If i | 
you do anpthing on tha Gocchahy ¢ pote caper ang em Landy eae brmer et apes err wall, Keep it qset, ig 


‘You Linded the trust when Bitcors was worth hardy anything, but we have el at al we hove inte ts. So the gain bs met yours, it remsing with the trust and im tiene the foundsbon. Remember thet. 
‘The remandes of the trust vl vest when the conditions are Rifed, 
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Cracked, inSecure and Generally Broken 


The ravings of a SANS/GIAC GSE (Compliance & Malware) For more information on my role as a 
presenter and commentator on IT Security, Digital Forensics Statistics and Data Mining; E-mail me: 


“craigswright @ acm.org". 
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SUNDAY, 27 MARCH 2011 





~ Dr. Craig S Wright 
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Craig Wright Integyrs Pty Ltd was a company I started. 
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The IP is to do with Risk, algorithmic analysis, crypto and more. I helped 
design the world’s first on-line casino and more, but hey, they fail to 









understand. 
‘Name: : ea 
Reedy Wright So, as the IP is worth nothing, I will give them nothing. 4 
: craigswright@acm a 
org Dave K anda few people I know from Playboy Gaming are setting up a ie 
Definitely trust. We move this overseas and we will make it work. * 
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Bitcoin has value. It is not a hobby. 
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It sells for $5,000 now. Let us see just how much they cry when it is valued % 
in 2020. % 
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Tet Craig. $ Wiriohe 
Subject: Raquested attached. 
Date: Friday, 24 June 2011 12:04:57 PM 
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Tip Tost.ncf 
Importance: High 
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Respectfully, 


Dave Kleiman - http://www. ComputerForensicE-xaminer.com - http://www, Digital ForensicRxpert.com 


4371 Northlake Bivd #314 
Palm Beach Gardens, FL 33410 
561.310.8801 
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Another party will be selected without Dr Wright’s knowledge. 


The following conditions are applicable at all times: 

¢ If Or Wright should die before 2020, the entire minus en amount noted below value and 
trust holdings are to be transferred to Ramona Watts (Sydney Australia, born Oct 30 1970). 

e if ishauld die, Dr Wright will be retuned shares In the Tullp trust and company 15 months 
after my death at his discretion. 

¢ The emount not included to be sent to Ramona Watts will be used to show the “lies and 
fraud perpetrated by Adam Westwood of the Australian Tex Office against Or Wright” 

@ The last condition Is listed as a direct quote of Dr Wright who has specified against my advice 
that he requires this line to be Included. 


| lastly acknowledge that | will not divulge the Identity of the Key with ID C941FE6D nor of the origins 
of the satoshin@gmx.com email. 

Respectfully, 

Dave Kleiman - http://www.ComputerForensicExaminer.com - 

http://www. DigitalForensicExpert.com 


4371 Northlake Blvd #314 
Palm Beach Gardens, FL 33410 
561.310.8801 
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SS sn Gs st nor soto yet: Ts precana ts elnnd ao Ren, 
‘The keys are Gvided using the SSSS (Shame's secret sharing scheme) scheme you had us work on. There are 15 key segments. Its dvided with a threshold of 12. 


Uyen and I cannot let you know who the others are. You do not know them personally as far as { am aware. 


Please note that you have made me this agaist my wishes, but as you have set these conditons, you need to ive with them. The paper wallets I returned to you «i be induded in the otal for the loan. If 
you do anything on the Blockchain, remember your promise. I do not want the publicity from this, you would suffer as well. Keep it quet. 


You Lunded the trust when Gitcoin was worth hardy anything, but we have all put all we have into this. So the gain s not you's, it remans with the trust and in tme the foundaton. Remember thet. 


|The remainder of the trust wil vest when the conditons are hulled. 
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Myself and the others have the keys to exchange. Once you find the software you need, and « buyer who is ning to take Gitcon we wil ranafer the rights. 
‘You made the terms, but just remember, you are also bound by them. 
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‘This lady of yours sti wil nto say yes and sits on event tie pate protec vos om you, tn that te tn ot lo arin youhave not youre rita set a terms, ou weber You 
‘own conditons and only regain contre! in aie somes ‘accept you, $0 try not to be too grumpy when we make you stay in the nées. ] 


have my own Ife here and we all require that you do what you promised. 
‘The been remians and our terms wll need to be met. 
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Cracked, inSecure and Generally Broken 


The ravings of a SANS/GIAC GSE (Compliance & Malware) For more information on my role as a 
presenter and commentator on IT Security, Digital Forensics Statistics and Data Mining; E-mail me: 
“craigswright @ acm.org”. 
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ads 





/ 
5 
Ob6 7f9ea2 1bS{01 Sfaede74 aazasi370d0e 154 
0b67f9ea2 *bSf01SfaeQe7445882aaZa4i37040e154 41.47 MB 
86d47c760b3a0b936fe2bc 
Size 
Bilmessage%o20v0. 1.0.exe 
DETECTION DETAILS RELATIONS BEHAVIOR COMMUNITY 


Basic Properti 


MD5 

SHA-1 
SHA-256 
Authentihash 
Imphash 
SSDEEP 
File type 
Magic 

File size 


History 


Creation Time 


ia 


@) One engine detected this file 


es 


BYcbi4alO2e0ef9318b15697ca5a7edi 

88aa4s69cf64d62enb8CadddaS49607a2 7801015 

Ob67fSeaz 1 b6i0 1 Sfaede744568aa2asi37040e 15486047 c760b3 20bS36fe2bc 
886590 10629e3e 20f4eGde 7 14299e82a/9165adb50323aa777214e0a55134ed2 
acbc8{761f4e19d096101 11486326533 


2016-02-26 04:01:50 UTC of 
3 years age Ex 





196608.B/PF3TOMGujiPqzqMS4 1 Ny 7p05SrDAKEIntSBcCoHwmM+4PyQbJ{iSEe8HeCwl: V99WmPaqza4Xxy 7 purjXiow5 HObJISEs! 


Win32 EXE 
PE32Z executable for MS Windows {GUI} Intel 80386 32-bit 
44.417 MB (11777483 dyes) 


2042-05-25 09:26 27 


First Submission 2015-04-30 08:39 29 


Last Submission 
Last Analysis 


Names | 


2016-02-26 04:07 50 
2016-02-26 04:01 °50 


Bitmessage%20v0.1.0.exe 


Portable Executable Info 


Header 


Target Machine 


Intel 386 or later processors and compatidle processors 


Compilation Timestamp 2012-05-25 09:25:27 


Entry Point 37809 

Contained Sections 5 

Sections 

Name Virtual Address Virtual Size Raw Size Entropy 
text 4096 77183 77312 6.62 
data 81920 25770 26112 64 
data 12680 4608 2.06 
sre SO5660 4705984 4.75 
reloc $214 5632 §.04 





MD5 
ibfad456795cb6dbfcdbbc63e3dc957e75 
c58d8ff39563037¢d876c7e24bc6b38ab 
36afS65c4 1c9a801 1597102 24d3e40 
4dc4ebef2a 1!4ca 1 daf49dd5cd0 11492 


83ac950493 7 90ec68F7 08 1369a27c03e 
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rt: 
y>T 0b67f9ea21b6F01 5fae0e744588aa2a4t37040e15486d47c 760b3a0b936fe2be Q A B88 Signin 
+ KERNEL32.<ll 


+ USER32.cll 


+ WS2_32.dll 


Contained Resources By Type 


RT_ICON 7 
RT_GROUP_ICON 2 


Contained Resources By Lanquage 
NEUTRAL 9 


Contained Resources 


SHA-256 File Type Type Language 
Tee9ad3f9d09e280676be6e2922 145ce53267 568061 data RT_ICON NEUTRAL 
b51da3722fed4cf7e837d837382be8h3cc8 11977192... data RT_ICON NEUTRAL 
9ccb15a2a2 1da8ddaSc797896o5d2cdf28be67 7640 dala RT_ICON NEUTRAL 
€€640013b9bb626d784302b9acdeScdde3799c6369... data RT_ICON NEUTRAL 
aal375ebb98ddSee4ecS4c9aa4tunfs4adi4iali3ib. data RT_ICON NEUTRAL 
c5536b396bebdcic96f4 e4f7 7cc7007b2aS6730eeS7... data RT_ICON NEUTRAL 
ac2e25dc4a4f7bd96aNbci3eab3cd ibct26a6t6a0583. . data RT_ICON NEUTRAL 
£4764d2d9673399ab755243 14a3ba694597créa3e1... data RT_GROUP_ICON NEUTRAL 
{5b94a42f1c77c9eef858a0did6564 19fea900b00318... data RT_GROUP_ICON NEUTRAL 


ExifTool File Metadata 


CodeSize 77312 
EntryPoint Ox93b1 
FileType Win32 EXE 
FileTypeExtension exe 
ImageVersion 0.0 
InitializedDataSize 142336 
LinkerVersion 10.9 


MIMEType application/octet-stream 
MachineType Intel 386 or later, and compatibles 
OSVersion 5.1 

PEType PE32 

Subsystem Windows GUI 

SubsystemVersion 51 

TimeStamp 2012:05:25 16:26:27+01:00 


UninitializedDataSize 


i) 
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VirusTotal 


Contact Us 
How It Works 
Terms of Service 
Privacy Policy 
Blog 


Community 


Join Community 
Vote and Comment 
Contributors 

Top Users 

Latest Comments 


Tools 


API Serpts 

YARA 

Desktop Apps 
Browser Extensions 


Mobile App 


Premium Services 


intelligence 
Hunting 
Graph 

API 
Monstor 
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Documentation 
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MY SUBREDDITS POPULAR ~ ALL - RANDOM - USERS | ASKREDDIT - NEWS - FUNNY - GAMING - PICS - TODAYILEARNED - WORIGIMEWS 
CRYPTOGRAPHY comments Wart [0 join? Log in or sign up in seconds. | English 
Xx | search 


Where a community 
about your favorite 
things is waiting for this post was submitted on 05 Oct 2012 
you. 2 points (75% upvoted) 


BECOME A REDDITOR shortlink: https : //redd ° it/1101n 
[RSA] Given two different messages 

2 and two different public keys, can an Mena REEaNe 
attacker determine which key was — 
used on which message? (seiscryptography) J remember me reset password | login | 
Submitted 6 years ago by atheros : 
penutikt 

I've emailed a former professor who 

wasn't completely sure but helped me Feed them like family 


formalize the problem into this title. <S °” with natural BLUE foods. 








Is the answer to this question different 
for RSA and ECC? (and other public key 
algorithms?) 








Ne 





2comments share save hide report 


all 2 comments 
sorted by: best 





Want to add to the discussion? 
Post a comment! Submit a new link 


CREATE AN ACCOUNT 
ee Submit a new text post 





{-] johnpaulsmith 2 points 6 years ago 

RSA: this is just in theory, but in 

extraordinarily rare cases, where there was 

some difference between the size of the 'n' Getan ae freerevderience vite Special 
values for the two keys, and one key just enefits. and directly support Reddit, 
happened to map a plain-text value into a joeeees 

cipher-text value that was out of the range Get Reddit Premium 
of the other key's 'n' value, it would be Sire 

possible to tell which key encrypted which 


message. However, it is exceedingly unlikely cryptography 
that this would happen in practice. [join | 23,985 readers 


17 users here now 





Other than that, I don't believe there is any 
way to determine which key was used for 
which message. 
permalink embed save 

{[-} atheros {S} i point 6 years ago 

Excellent! Thank you very much! 


permalink embed save parent 
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From Greek kpuUntw krypto "hidden" and the 
verb ypa@w grafo "to write” or A€yetv legein "to 
speak". 

Cryptography is the practice of establishing a 
secure connection between two parties in the 
presence of a third party whom you don't want 
to be able to read your messages. 


Cryptographers design algorithms and 
protocols, which do exactly this (and many 
other things). They also use a lot of time 
looking for security holes in existing protocols to 
make sure they can still be trusted. This is 
called cryptanalysis. 


If you want a formal introduction to 
cryptography, you should read An Introduction 
to Mathematical Cryptography. Moderators also 
approve of the Udacity course Applied 
Cryptography - A Science of Secrets. 

We have a very important rule on this 
subreddit, we won't solve your ciphers 
unless you provide us with an algorithm. If 
anyone sends you a code or a cipher without 
telling you how they encrypted, don't bother 
posting it on this subreddit - your post will get 
deleted. We redirect you to /r/breakmycode or 
/r/codes. Thank you for your understanding and 
for following the rules. 


Related Subreddits: 


e /r/intelligence 
/r/crypto 
e /r/privacy 


e /r/Bitcoin 


/ - The Bitcoin protocol is a 
cryptographic protocol. 


e /r/compsci - Cryptography is technically a 
subdisclipline of computer science. 
e /r/math (modern cryptography is very, 


very reliant on math) 


a community for 11 years 





Feed them like family 
" with natural BLUE foods. 
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From: Allan Pedersen 

Sent: ‘Tuesday, December 2. 2014 4:34 AM 

To: jonathan’@ bitmessage.org 

CC: Craig S Wnght 

Subject: BitMessage: Secunty Software Code review 
Attachments: 20 141202 Security Review Activities V3.0 xlsx 


Hi Jonathan, 


t have been assigned as project manager for the Static Security Software Code Review of the BitMessage Software as agreed with Craig Wright on 17" 


November 2014. 
My contact details are: 


*® Name: Allan Pedersen 
eMooile: +61400881128 
© Company: Panopticrypt 


The current BitMessage code base is of considerable size (15702 SLOCs) and the security review will need to be carried out in a phased approach. We are keen to 
understand your view on priorities and the maturity af SW components. 


Piease, update the following two columns in the attached document: 


e Security priority (1 to 10) - 10 is High priority; and 
¢SW Maturity level (High: Component is very stable, chance of any updates is low. Medium: On the way to being stable, some updates planned / on the 
way. Low: Not stable at al’. Needs updates in terms of design and/or development) 


This will help us plan and orlorit'ze the overall review activity with emphasis on critical areas to be improved immediately. 
Also, will you be in a position to provide documents detailing? 


* The intended system architecture. 

© The standards, protocols used during design and development. 

* Database structure, Sequence Diagrams, Logic for Multi-threads. 
#Role of third party components (pyQT4, OpenSSL, namecoind etc.). 
© International language(s) support. 

eNamecoin Integration 


Please, don't hesitate calling me on my mobile any time if you will need further information. 


Will you be available for a Teleconference tomorrow or later this week? That will allow me to introduce you to our team. 


Preliminary observations and findings: 
4 preliminary BitMessage Software assessment has been carried out based on the following information: 


1. Elementary reading of the 2 whitepapers: 
* https://bitmessage.org/bitmessage.pdf 
© https://bitmessage.org/Bitmessage%20T echnical%20Paper.pdf 
2. Online BitMessage articles/discussions 
3. Class Diagrams created by reverse engineering of the source code. 
4. Automated scan of the source code (by SonarQube) ~ see attached spreadsheet. 
5. Online research 


Findings derived from whitepapers & online research (business logic issues) 


1. Anonymity 
Anonymity seems to be a problem in the developed system. After an initial read, it seems that the system is vulnerable to Sybil attacks. Also, the 
acknowledgement logic seems to be insufficient to guard a node's identity. 


Sybil attack 


In a BitMessage network, an attacker could flood clusters with malicious nodes that fake network activity in the hopes of drowning out the number of 
legitimate users per cluster. They can filter off their own traffic and that could severely degrade the anonymity provided to the legitimate clients. 


Acknowledgement Logic 


This design might compromise the ‘anonymity’ clause to some level. If an attacker enumerates all of the nodes in a channel, he can observe when these 
nodes are connected to the BitMessage network. Imagine that Alice sends Bob a message, but Bob is not online for two days. Now Alice resends the 
message. If the message Alice resends is identical to the original message, the attacker can conclude that the message is going to a client that has not 
been online in the two day period from when the message was originally sent. If Alice doesn't resend the message again after 4 days, the allacker 
= that Bob is one of the nodes that wasn't online in the original two day time frame, and also one of the nodes who was online in the 4 days after 
that. 


Findings derived from initial scan of software and reverse engineering of SW creating class diagrams. 


We carried out a quick scan of the source code (SonarQube) and reverse engineered to derive the class diagrams. Following are the common observations: 


1. The application is using PyQt4 and OpenSSL which are Open sources and should be reviewed from security prospective. 

2. The i sscbnoy is using queries strings for SQLLite. The parameters validations for td should be reviewed from security prospective. 

3. Multi- Thread logic should be considered from security prospective. Ensure no thread safe issues. Check synchronization. 

4. We have observed that file ‘bitmessage_icons_rc.py’ contains hard coded ascii strings (Resource object code in UTF-8). Common development practice is 
to generate such strings dynamically rather than hard coding in a source file. 

5. There is huge class which have a lot of dependencies with another classes. This class should be considered for refactoring according to common practice 
of OOP. See SonarQube report notes below. 


Some of example of issues found are as below: 
File: src/bitmessageqt/___init__.py 


Avod too complex tile. File has a complexity of 654 which is greater thar 80 authorized 





BEV_00321565-1 
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‘the cyclomatic complexity of a file should rot exceed a defined threshold. Complex code can perform poorly and will in any case be diff cuit to understand and 
therefore to maintain. Security/Memory Leaking and Performance/Algorithm’s Performance 


Fifes should not have too many lires: A source file that grows too much tends to aggregate too many responsibilities and inevitably becomes harder to 
understand and therefore to maintain. Above a specific threshold, it is strongly advised to refactor it into smalier pieces of code which focus an well-defined 
tasks. Those smailer files will not only be easier to understard but also orobably easier to test. 


“Myform” class in the file has a complexity of 582 which is greater than 80 authorized. Avoid too complex class. The cyclomatic complexity of a class should not 
exceed a defined threshold. Complex code can perform poorly and will in any case be difficult to understand and therefore to maintain 


File; src/pyelliptic/openss!.py — Wrapper of OpenSSL 
Contro’ flow statements "if", “for”, "while", "try" and “with" should not be nested too deeply 


Nested if, for, while, try and with statements is a key ingredient for making what's known as “Spaghetti code". Such code is hard to read, refactor and therefore 
maintair. 


Cheers, Allan 


BEV_00321565-2 
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Static Software Security Code Review 


Review Component: BitMessage 
Date: 02/12/2014 
References: 


Static Security Code Review Activities 







priority | SW Maturity 
(1 to 10) level (High, 
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